The Role of Infrastructure as Code in Edge Datacenter Computing
Having servers at the edge is nothing new. IT leaders recognize that while they want to centralize IT as much as possible to improve efficiency and reduce administrative costs, there is a need to bring systems, services and data closer to where they are needed.
A Content Delivery Network (CDN) uses a network of servers to cache data closer to where it is consumed for faster access. In 2020, James Staten, Vice President, Principal Analyst at Forrester, blogged that CDNs provide a way to couple endpoint-delivered applications with endpoint device content analysis. “Rather than simply allowing customers to bring their apps and data closer to the customer, these edge technologies collect data from the Internet of Things [IoT] end-user devices and mobile devices,” Staten wrote.
Conceptually, a CDN can be seen as a form of edge computing because it makes data available closer to the point of consumption. In fact, the network of servers that make up a CDN is used to distribute data closer to the edge.
Edge computing and the idea of data centers at the edge extend this concept. Not only is data consumed at the edge, massive amounts of data processing can occur at the edge. This avoids the need to overload network bandwidth with huge amounts of data, for example when collecting video analytics streamed from networked CCTV cameras.
The devices and supporting IT infrastructure at the edge of the network take the IoT to the next level and offer the potential to run sophisticated enterprise systems in a decentralized manner.
From a software architecture perspective, the industry uses the term serverless computing to describe a method of provisioning the compute, storage, and network resources required to run cloud-native workloads. The benefit of serverless is that the application developer doesn’t have to worry about physical servers, which can reside in a public cloud, a private cloud running in an on-premises data center, or one running at the edge of the corporate network.
However, the IT operations landscape is growing exponentially as workloads are increasingly pushed to the edge of the network and more advanced computing occurs outside of a traditional data center environment. The simplicity of centralized IT administration is being replaced by the need to manage a diverse and highly distributed inventory of servers and devices at the edge.
Operation of corporate IT at the edge
Managing data center computing at the edge of the corporate network is becoming as important as managing centralized IT systems. There has always been a need to efficiently manage IT in branch offices and remote server rooms as they generally have fewer resources in terms of on-site IT administrators compared to the central IT function.
There is now a surge of activity around managing the configuration of IT systems in the same way source code is managed by software development teams. Scott McAllister, Developer Advocate at PagerDuty, says, “As IT infrastructure has become increasingly decoupled from physical machines that we can touch, the management and delivery of that infrastructure has shifted to software services in the cloud. These services come with robust user interfaces for manual configuration. However, managing these configurations at scale is cumbersome and can lead to system vulnerabilities.”
Once heralded as the future of infrastructure management and now a de facto best practice, Infrastructure as Code (IaC) is a process that automates the provisioning and management of compute resources using machine-readable templates. According to Chris Astley, Partner and Head of Engineering at KPMG UK, IaC is the clear choice for automation in the cloud context and is also making inroads into private data centres.
“Before IaC, systems engineers had the arduous task of manually provisioning and configuring their computing infrastructure,” he says. “With cloud providers in particular updating features and capabilities on a daily basis, this had become an overwhelming task. With IaC, engineers now have the ability to better manage version control, deploy and improve their organization’s cloud infrastructure faster, cheaper, and more efficiently than ever before.”
In addition to IaC’s faster, more consistent, and automated delivery of infrastructure for DevOps teams, Piyush Sharma, Tenable’s vice president of cloud security engineering, believes the greatest impact lies in the ability to transform the processes used for the development, deployment and operation of immutable infrastructure. “Whether development and DevOps teams are aware of it or not, the tools and approaches they use to solve technical challenges have an impact on the entire organization,” he says.
“IaC enforces immutability in the runtime infrastructure, which means that each component of the architecture is built with a precise configuration. This capability reduces the possibility of infrastructure variance that could move them away from desired configurations.”
While IT deployment processes have traditionally required long waits and manual effort, the benefit of IaC is that it allows teams to deploy the infrastructure they need in minutes with the push of a button, says Sharma. “Better yet, changing, scaling, or duplicating the environment is as easy as changing the source code and redeploying it,” he adds.
For Sharma, IaC is the key to modernizing manual processes in operations, breaking down organizational silos and delivering more value. He points out that applications need to scale automatically and ecosystems have evolved around approaches like Atlantis, Kubernetes and GitOps. “Operational tasks are reduced to code commits that trigger automated processes that reconcile runtime configuration with committed changes,” he says.
Securing the edge
Less well known is IaC’s role in security. KPMG’s Astley urges organizations to integrate IaC into their cyber security strategy as soon as possible as it can help prevent and remediate cyber attacks. A recent study by Harvey Nash reported that nearly half (43%) of digital executives say they have a shortage of cyber security talent.
“IaC is something that can help automate some security tasks, reducing their workload and allowing InfoSec teams to focus on more business-critical issues,” says Astley.
While engineers used to have to deploy and configure their cloud manually, Astley’s experience is that using input scripts over IaC provides a single source of truth. He says: “The positive effect of this is the elimination of possible human error when making changes to the infrastructure, dramatically reducing the potential for opening up a new exploitable vulnerability that can be exploited by threat actors. It is also possible to view all code misconfigurations in one place and therefore manage and fix them faster.”
Astley also notes that the automation offered by IaC empowers IT operations teams to deploy updates from cloud providers immediately. “When new and secure iterations of cloud tools are released, there are minimal delays in updates, reducing risk,” he says.
As Astley states, one of the greatest benefits of IaC is that when done correctly, it is 100% accurate and up-to-date documentation of the live environment itself. “This will be invaluable to InfoSec teams conducting threat analysis,” he says. In fact, these threat assessments can be run automatically based on the code.
Additionally, Astley believes IaC provides a way for teams to build an understanding of common vulnerabilities and have a documented response and improvement process to address vulnerabilities discovered during threat assessment audits.
He says that IaC is also critical to a company’s recovery from a cyber incident – especially in light of common exploits like ransomware. “With IaC, resource requirements are already codified, making it ideal for incident response and disaster recovery,” he says.
“In the event of an attack, IaC now enables IT teams to perform disaster recovery by quickly generating a new, identical environment from the IaC scripts and the previous backups. Recovering to a known operational state within minutes is critical to quickly recovering from this scenario.”
John Davis, Distinguished Engineer at Kyndryl, believes that DevSecOps has encouraged developers to become more knowledgeable about infrastructure and operations to be more application-centric. He points out that IaC serves as a common language through which both can communicate, collaborate and create together.
But to be successful with IaC, Davis urges IT leaders to consider the broader system context of the build process. “Most companies have multiple systems that need to be updated due to new environments,” he says. “Anyone can quickly deploy a server in the cloud, but to become production-ready, secure and separate with the right network flows, a well-defined IaC design is key.”
Davis recommends that IT leaders consider how automated IT configuration updates can be integrated into the broader IT support ecosystem to maximize opportunities for using IaC. “Once you’ve moved to IaC, you should be able to remove secondary controls that were previously in place to validate the completeness of the manual work,” he says.
For Davis, an environment built with IaC through a DevOps pipeline provides granular execution and auditing capabilities that eliminate some of these controls.
Such capabilities are essential across the organization’s network in the context of an edge data center, whether in support of a remote server room, artificial intelligence data collection from edge devices, or enterprise systems in branch offices.